Car CarHacking Village Update

Automotive cybersecurity has two sides, the automaker/Tier 1 side and the hacker side. The hacker side was in full force this week at the Car Hacking Village at DefCon, where the biggest bounties are for the coolest most elaborate circuit-boarded badges for cash-only $80 each. Some badges experienced battery issues that could be fixed.

There were several presentation sharing knowledge on how to break into car operating systems.

Attendees were able to learn how to extract CAN Signals from OpenXC and Radare3 sponsored by cloakware for automotive by ir.deta

The crowd cheered when Elon Musk showed up at the Car Hacking Village to answer questions. Musk thanked security researchers and he later tweeted that he would make Tesla software security software open source and available to automakers int the future. The Tweet was liked by 21.3K Twitter users. Telsa also updated its bug bounty terms, now if a hacker accidentally brick a Tesla security research will help fix it.

Spirent CommunicationSpirent researchers presented their latest findings and insights at several DEFCON Villages in Caesars Palace.

Karamba Security offered the #RiCANMorty challenge at the car hacking village, giving a drone to the winner.

Hackers had to escape from an SUV and also had the opportunity to hack a mobility scooter. There were OBD dongels specially designed for car hacking.

The Trillium team ran the Pass GO CTF challenge and to encouraging interest in automotive cyber security. They gave away an all-expenses paid week in Tokyo!

Randsomeware Hardware/Software Solution: ECyber for Before and After Market

International automotive technology provider ERM Advanced Telematics has completed development of an integrated hardware-software product that protects vehicles against ransomware and other cyber-attacks. The solution, called eCyber, is suited for both OEMs and the aftermarket. The eCyber technology, for which ERM has already registered a patent in Israel, is due to be available in the 4th quarter of 2018 for all of the company’s customers and partners in 68 countries worldwide.

When compared to other solutions on the market today, ERM’s eCyber uniqueness is that it can be installed in a vehicle by authorized parties, such as vehicle importers and fleet managers in the aftermarket stage, after the vehicle left the factory as well as by the OEM itself during the manufacturing process.

The eCyber, is installed between the vehicle’s external communications device and the vehicle’s CAN Bus (Controller Area Network Bus). The eCyber performs as a secure gateway for outside communications to the CAN Bus, allowing only communications with predefined and known parameters and values to go through. At the same time, it immediately blocks any unrecognized communications to and from the CAN Bus. In this way, no malicious digital communications can disrupt the functioning of the vehicle. The eCyber, which is installed in the vehicle, is a combined hardware and software solution in a single compact box.

Ransomware attacks are emerging as some of the most serious cyber risks with which connected cars must withstand. During a ransomware attack on a connected car, hackers remotely connect to the car, damage or lock it, and demand that the owner pay them ransom to resume its proper operation.

ERM Starlink Finds Stolen & Lost Vehicles

ERM Advanced Telematics, a leading designer, developer and manufacturer of vehicle tracking and security devices, announced today that the company has introduced to the market its StarLink eConnect device, an innovative vehicle tracking device with unique jamming mitigation and location networking capabilities.

Today, many car thieves no longer rely on forcefully removing vehicle tracking devices during the act of stealing a vehicle and have learned to bypass the location tracking capacities of standard vehicle tracking devices with readily-available and inexpensive jamming devices that interfere with the GPS/GSM radio frequency signals transmitted by vehicle tracking devices.

StarLink eConnect enables a unique anti-theft solution that counters these recent tactics commonly used by car thieves. StarLink eConnect is based on ERM’s powerful vehicle tracking device family and includes an add-on patented technology for jamming mitigation and location networking. These jamming mitigation capabilities are able to identify when the location signal of the vehicle tracking device is being interfered with by a jamming device.

If and when a StarLink eConnect device identifies that its location signal is being interfered with, the device begins to transmit alerts along with location and time stamp information over a dedicated open frequency. These alerts are then rebroadcasted by other StarLink eConnect devices installed on additional vehicles in the vicinity. These alerts are trackable in real-time and provide a Stolen Vehicle Recovery service provider an improved indication of the location of a stolen vehicle.

The Federal Bureau of Investigation estimates that in the United States the total value of motor vehicle thefts exceed $4.5b in 2014, while only just over half of the locally stolen vehicles were recovered.

ERM has already successfully deployed pilot implementations of StarLink eConnect at a number of Stolen Vehicle Recovery (SVR) service provider customers in South America and Israel.

In order to extend the coverage range, individual StarLink eConnectdevices can be installed in public locations, such as major intersections in areas where car thefts are common or on dedicated patrol vehicles, to further improve tracking and stolen vehicle recovery rates.

SUBSCRIBE

You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.